In Hasbro’s network, unauthorized access occurred when someone intruded where they shouldn’t have been. This $14.4 billion toy and entertainment company, owner of brands like Peppa Pig and Transformers, revealed it detected the breach on March 28. Since then, Hasbro has taken parts of its infrastructure offline, warning of potential delays in product deliveries for weeks.
The disclosure was made via an 8-K filing with the U.S. Securities and Exchange Commission, a necessary mechanism for publicly traded companies to report significant cybersecurity incidents. Hasbro stated it activated security incident response protocols, engaged third-party cybersecurity experts, and initiated containment measures. A spokesperson informed the BBC about their swift action to protect systems and data, though neither the filing nor spokesperson discussed the attack’s nature, any contact from intruders, or potential customer data compromise.
Parts of Hasbro’s and its individual brand websites were showing errors on Wednesday afternoon. TechCrunch confirmed the downtime. The SEC filing’s language, noting ongoing implementation of business operation security measures, suggests attackers might still be in the network. The company has activated business-continuity plans to continue orders and shipments but warned these measures might last weeks, possibly delaying product deliveries.
Hasbro did not respond to TechCrunch questions about whether ransomware was involved, a common type of attack in recent years. The spokesperson reiterated the SEC filing’s details without further comments. The ongoing investigation aims to ascertain the breach’s full scope and review potentially affected files before giving necessary notifications.
The timing comes as Hasbro emerges from a strong financial year, with 2025 revenue reaching $4.7 billion, a 14% increase due to growth in the Wizards of the Coast and Digital Gaming segment. The company had forecasted a 3 to 5% revenue increase in 2026. An extended systems outage during operational growth is the type of disruption challenging for large enterprises to manage, especially when recovery duration is uncertain.
The breach occurs amidst a corporate climate familiar with such attacks. Around Easter 2025, major UK retailers faced a wave of intrusions: Marks & Spencer, the Co-op, and Harrods suffered significant disruptions and financial losses. Later, Jaguar Land Rover experienced a damaging attack, halting production across its factories.
This pattern extended beyond the UK, with Japanese brewing company Asahi hit by a ransomware attack in September 2025. It reverted to pen and paper, as personal data of about 1.9 million individuals were exposed, causing disruptions into 2026. The Qilin ransomware group claimed responsibility, with global ransomware attacks rising 32% in 2025. Manufacturers became the primary targets, but the average data breach cost fell to $4.44 million, attributed to AI-assisted detection and response, albeit unevenly distributed across industries.
Hasbro, focused on physical products and entertainment licensing, has a different cybersecurity posture compared to software firms and banks. While toy companies hold consumer data and intellectual property for well-known brands, they may not be equipped for growing adversarial cybersecurity pressures. The SEC’s cybersecurity disclosure rules ensure faster public awareness of incidents like Hasbro’s.
It’s uncertain whether Hasbro’s breach will mimic the UK retail attacks with extended disruption and financial costs or remain manageable. The SEC filing’s warning of possible unsuccessful containment and remediation is standard legal caution but emphasizes the challenge regulators and enterprises face: identifying intrusions is one part, but understanding what was taken and ensuring intruders are gone is often arduous work.
Hasbro’s 103-year history has withstood wars, recessions, and digital disruptions. Whether this incident becomes a mere footnote or turning point depends on answers the company doesn’t yet have.